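#!/usr/bin/env bash
# AUTHOR: Clemens Schwaighofer
# DATE: 2025/7/4
# DESC: Initial setup of the webhook clone folder structure
#
# Must be run as root. Reads ../config/webhook.cfg (relative to this script)
# for GIT_WEBHOOK_BASE_FOLDER, WWW_GROUP, SUDO_USER and USE_SUDO, then either
# creates the webhook base folder tree (new install) or refreshes the helper
# scripts and default config in an existing one (update).
# Exit status: 1 when a mandatory setting, user, group or tool is missing,
# 0 otherwise.

BASE_FOLDER=$(dirname "$(readlink -f "$0")")"/"
CONFIG_BASE="${BASE_FOLDER}../config/"

# The config file is executed as shell code: only its lines containing '=' are
# taken and the whitespace around '=' is removed so they become assignments.
# Since this runs as root, webhook.cfg must only be writable by root -- any
# command substitution inside a value would run with root privileges.
if [ -f "${CONFIG_BASE}webhook.cfg" ]; then
  # shellcheck source=../config/webhook.cfg
  # shellcheck disable=SC1091
  source <(grep "=" "${CONFIG_BASE}webhook.cfg" | sed 's/ *= */=/g')
fi

# Abort when a mandatory setting or tool is missing.
# All problems are reported before aborting so the admin sees them at once.
error=0
if [ -z "${GIT_WEBHOOK_BASE_FOLDER}" ]; then
  echo "[!] Missing GIT_WEBHOOK_BASE_FOLDER entry" >&2
  error=1
fi
if [ -z "${WWW_GROUP}" ]; then
  echo "[!] Missing WWW_GROUP entry" >&2
  error=1
elif ! getent group "${WWW_GROUP}" > /dev/null 2>&1; then
  echo "[!] Group ${WWW_GROUP} does not exist. Is it the Apache web group?" >&2
  error=1
fi
# NOTE(review): sudo(8) itself exports SUDO_USER (the invoking user). If the
# config has no SUDO_USER entry and the script is started via sudo, that value
# is what ends up here -- confirm this is intended.
if [ -z "${SUDO_USER}" ]; then
  echo "[!] Missing SUDO_USER entry" >&2
  error=1
elif [ "${USE_SUDO}" = "0" ] && ! id "${SUDO_USER}" &>/dev/null; then
  # With USE_SUDO=0 no user is created below, so it has to exist already
  echo "[!] SUDO is off, user must exist in system" >&2
  error=1
fi
# this script has to be run as root
if [ "$(whoami)" != "root" ]; then
  echo "[!] Script must be run as root user" >&2
  error=1
fi
if ! command -v setfacl > /dev/null 2>&1; then
  echo "Missing setfacl command, aborting" >&2
  error=1
fi
if ! command -v git > /dev/null 2>&1; then
  echo "Missing git command, aborting" >&2
  error=1
fi
if [ "${error}" -eq 1 ]; then
  # a bare 'exit' here would report success (status 0) to the caller
  exit 1
fi

# Define base folders (all relative to GIT_WEBHOOK_BASE_FOLDER)
# folder where all the repositories are located
CLONE_BASE="clone-base/"
# log folder for all log files
LOG_FOLDER="log/"
# sync/clone/etc scripts
CLONE_SCRIPTS_FOLDER="scripts/"
# any scripts that have to be run before deploy
DEPLOY_SCRIPTS="deploy-scripts/"
# any secrets that might be needed after clone
SECRETS_FOLDER="secrets/"
# overall config file
CONFIG_FOLDER="config/"
# admin/webhook web interface
WWW_BASE="www/"
WWW_WEBHOOK_INCOMING="${WWW_BASE}webhook-incoming"
WWW_ADMIN="${WWW_BASE}admin"
# jump host PEM file
PEM_BASE="${BASE_FOLDER}../pem/"
JUMP_PEM_FILE="somen-jump.tequila.jp#scripts#webhook-git#ed25519.pem"

# add trailing slash if missing
GIT_WEBHOOK_BASE_FOLDER="${GIT_WEBHOOK_BASE_FOLDER%/}/"

if [ -d "${GIT_WEBHOOK_BASE_FOLDER}" ]; then
  echo "Base folder already exists, update check"
  # check folders
  # check folder ACL
  echo "[TODO] -> Not implemented: check folder, check ACL"
  # copy scripts & default config (the live webhook.cfg is deliberately not
  # overwritten on update)
  echo "~ Copy basic script and config files"
  # git_sync.sh, init.sh, new_clone.sh, switch_branch.sh, webhook.default.cfg
  cp \
    "${BASE_FOLDER}new_clone.sh" \
    "${BASE_FOLDER}init.sh" \
    "${BASE_FOLDER}git_sync.sh" \
    "${BASE_FOLDER}switch_branch.sh" \
    "${BASE_FOLDER}create_ssh_config.sh" \
    "${GIT_WEBHOOK_BASE_FOLDER}${CLONE_SCRIPTS_FOLDER}"
  cp "${CONFIG_BASE}/webhook.default.cfg" \
    "${GIT_WEBHOOK_BASE_FOLDER}${CONFIG_FOLDER}"
  # and make sure they are all owned by the correct user
  # NOTE(review): this chowns the source files next to this script, not the
  # copies just placed in the target folder (those stay root-owned, readable
  # for SUDO_USER only via the default ACL) -- confirm that is intended.
  chown "${SUDO_USER}" \
    "${BASE_FOLDER}new_clone.sh" \
    "${BASE_FOLDER}init.sh" \
    "${BASE_FOLDER}git_sync.sh" \
    "${BASE_FOLDER}switch_branch.sh" \
    "${BASE_FOLDER}create_ssh_config.sh" \
    "${CONFIG_BASE}/webhook.default.cfg"
  # check config entries missing
  exit 0
else
  echo "=> Create new folder structure"
  # User for sudo, but only if SUDO is enabled
  if [ "${USE_SUDO}" != "0" ]; then
    echo "+ Add user ${SUDO_USER}:${WWW_GROUP} with base folder ${GIT_WEBHOOK_BASE_FOLDER}"
    # Note: we need to set bin bash or we cannot use Jump Host
    useradd -d "${GIT_WEBHOOK_BASE_FOLDER}" -m -s /bin/bash "${SUDO_USER}"
  fi
  if [ ! -d "${GIT_WEBHOOK_BASE_FOLDER}" ]; then
    echo "+ Create Folder: ${GIT_WEBHOOK_BASE_FOLDER}"
    mkdir "${GIT_WEBHOOK_BASE_FOLDER}"
  fi
  echo "+ Set folder user/group to ${SUDO_USER}/${WWW_GROUP}"
  # user is not mandatory, but we need to set the group.
  # The user ACL is also set as default (-d) so files created later inherit it;
  # the web group only gets rx on what exists now (no default entry), so the
  # .ssh and secrets folders created below are not exposed to it.
  setfacl -m u:"${SUDO_USER}":rwx -R "${GIT_WEBHOOK_BASE_FOLDER}"
  setfacl -d -m u:"${SUDO_USER}":rwx -R "${GIT_WEBHOOK_BASE_FOLDER}"
  setfacl -m g:"${WWW_GROUP}":rx -R "${GIT_WEBHOOK_BASE_FOLDER}"
  # SSH
  if [ "${USE_SUDO}" != "0" ]; then
    echo "+ Add .ssh folder"
    sudo -u "${SUDO_USER}" mkdir "${GIT_WEBHOOK_BASE_FOLDER}"/.ssh/
    sudo -u "${SUDO_USER}" touch "${GIT_WEBHOOK_BASE_FOLDER}"/.ssh/config
    sudo -u "${SUDO_USER}" chmod 700 "${GIT_WEBHOOK_BASE_FOLDER}"/.ssh/
    sudo -u "${SUDO_USER}" chmod 600 "${GIT_WEBHOOK_BASE_FOLDER}"/.ssh/config
    # add master jump host (appended, so this branch must only run once per
    # base folder or the Host entry is duplicated)
    cat >> "${GIT_WEBHOOK_BASE_FOLDER}"/.ssh/config << 'EOF'
Host UdonGitJump
    Hostname somen-jump.tequila.jp
    User webhook-git
    IdentityFile ~/.ssh/somen-jump.tequila.jp#scripts#webhook-git#ed25519.pem
    Port 37337
EOF
    if [ -f "${PEM_BASE}${JUMP_PEM_FILE}" ]; then
      # private key: owner-only permissions before anything else can use it
      cp "${PEM_BASE}${JUMP_PEM_FILE}" "${GIT_WEBHOOK_BASE_FOLDER}"/.ssh/
      chown "${SUDO_USER}:" "${GIT_WEBHOOK_BASE_FOLDER}/.ssh/${JUMP_PEM_FILE}"
      sudo -u "${SUDO_USER}" chmod 600 "${GIT_WEBHOOK_BASE_FOLDER}/.ssh/${JUMP_PEM_FILE}"
    else
      echo "PEM FILE ${JUMP_PEM_FILE} must be added manually"
    fi
  fi
  # All other FOLDER
  echo "+ Other folders for clone base: ${CLONE_BASE}, ${LOG_FOLDER}, ${CLONE_SCRIPTS_FOLDER}, ${CONFIG_FOLDER}, ${WWW_WEBHOOK_INCOMING}, ${WWW_ADMIN}"
  sudo -u "${SUDO_USER}" \
    mkdir -p \
    "${GIT_WEBHOOK_BASE_FOLDER}${CLONE_BASE}" \
    "${GIT_WEBHOOK_BASE_FOLDER}${LOG_FOLDER}" \
    "${GIT_WEBHOOK_BASE_FOLDER}${CLONE_SCRIPTS_FOLDER}" \
    "${GIT_WEBHOOK_BASE_FOLDER}${DEPLOY_SCRIPTS}" \
    "${GIT_WEBHOOK_BASE_FOLDER}${CONFIG_FOLDER}" \
    "${GIT_WEBHOOK_BASE_FOLDER}${SECRETS_FOLDER}" \
    "${GIT_WEBHOOK_BASE_FOLDER}${WWW_WEBHOOK_INCOMING}" \
    "${GIT_WEBHOOK_BASE_FOLDER}${WWW_ADMIN}"
  # set basic folder rights, clone folder is excluded
  sudo -u "${SUDO_USER}" chmod 700 \
    "${GIT_WEBHOOK_BASE_FOLDER}${LOG_FOLDER}" \
    "${GIT_WEBHOOK_BASE_FOLDER}${CLONE_SCRIPTS_FOLDER}" \
    "${GIT_WEBHOOK_BASE_FOLDER}${DEPLOY_SCRIPTS}" \
    "${GIT_WEBHOOK_BASE_FOLDER}${CONFIG_FOLDER}" \
    "${GIT_WEBHOOK_BASE_FOLDER}${SECRETS_FOLDER}" \
    "${GIT_WEBHOOK_BASE_FOLDER}${WWW_WEBHOOK_INCOMING}" \
    "${GIT_WEBHOOK_BASE_FOLDER}${WWW_ADMIN}"
  # setfacl -m u:"${SUDO_USER}":rwx -R "${GIT_WEBHOOK_BASE_FOLDER}${CLONE_BASE}"
  # setfacl -d -m u:"${SUDO_USER}":rwx -R "${GIT_WEBHOOK_BASE_FOLDER}${CLONE_BASE}"
  # web user must have access to the clone folder, RWX (the www folders were
  # just set to 700; this setfacl re-opens them for the web group only)
  setfacl -m g:"${WWW_GROUP}":rwx -R \
    "${GIT_WEBHOOK_BASE_FOLDER}${CLONE_BASE}" \
    "${GIT_WEBHOOK_BASE_FOLDER}${WWW_BASE}"
  setfacl -d -m g:"${WWW_GROUP}":rwx -R \
    "${GIT_WEBHOOK_BASE_FOLDER}${CLONE_BASE}" \
    "${GIT_WEBHOOK_BASE_FOLDER}${WWW_BASE}"
  # Copy files
  echo "+ Copy basic script and config files"
  # git_sync.sh, init.sh, new_clone.sh, webhook.default.cfg
  cp \
    "${BASE_FOLDER}new_clone.sh" \
    "${BASE_FOLDER}init.sh" \
    "${BASE_FOLDER}git_sync.sh" \
    "${BASE_FOLDER}switch_branch.sh" \
    "${BASE_FOLDER}create_ssh_config.sh" \
    "${GIT_WEBHOOK_BASE_FOLDER}${CLONE_SCRIPTS_FOLDER}"
  # the live config lands in a 700 folder owned by SUDO_USER
  cp \
    "${CONFIG_BASE}/webhook.cfg" \
    "${CONFIG_BASE}/webhook.default.cfg" \
    "${GIT_WEBHOOK_BASE_FOLDER}${CONFIG_FOLDER}"
  # and make sure they are all owned by the correct user
  # NOTE(review): as in the update branch, this chowns the source files, not
  # the copies in the target folder -- confirm that is intended.
  chown "${SUDO_USER}" \
    "${BASE_FOLDER}new_clone.sh" \
    "${BASE_FOLDER}init.sh" \
    "${BASE_FOLDER}git_sync.sh" \
    "${BASE_FOLDER}switch_branch.sh" \
    "${BASE_FOLDER}create_ssh_config.sh" \
    "${CONFIG_BASE}/webhook.cfg" \
    "${CONFIG_BASE}/webhook.default.cfg"
fi
# __END__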